I'm pleased to announce the release of Spring Security SAML 1.0.1. This release is passive to 1.0.0 the highlights of which are:

• Added support for Spring Security 4.0
• Added integration guide with Okta
• MaxAuthenticationAge time supports longer expiration times than 21 days
• Deployment without JKS keystore is now supported
• Service provider can now define multiple assertion consumer endpoints with same binding
• Minor fixes and documentation improvements

Project Site | Documentation | Changelog

I’m pleased to announce the release of Spring LDAP 2.0.3.RELEASE. The highlights of this release include:

• LDAP-330 - Support for Spring Data Commons 1.10 (Spring Data Fowler)
• LDAP-304 - NullPointerException DirContextAdapter.collectModifications
• LDAP-314 - repository methods ignoring @Entity(base=)
• LDAP-317 - ldap:context-source/url not parsing properties #{}
• LDAP-321 - IllegalStateException: No value for key PoolingContextSource

For additional information on the release, refer to the changelog.

Project Site | Reference | Issues

I'm pleased to announce the release of Spring Security 4.0.1.RELEASE. This release is the first maintenance release of the 4.0 line and focusses on fixing any major issues that were found in the new release. For complete details on the release, refer to the Change Log.

Project Site | Reference | Guides

I'm pleased to announce the release of Spring Session 1.0.1.RELEASE. You can find the release in Maven Central.

This release fixes 30+ tickets. You can find the highlights below:

Highlights

The highlights of Spring Session 1.0.1 are available below:

• Support for AWS ElastiCache #124
• Servlet 3.1 fixes #152. This resolves issues when running Spring Security and Spring Boot 1.2
• Servlet 2.5 fixes #111 #182
• Added Servlet 2.5 & XML based configuration sample and guide
• Embedded Redis used in Samples now works on Windows 64 bit #174
• New Spring Session Logo #130

Site | Documentation | Javadoc | Issues | Help | Source | …

On behalf of the Spring Security Kerberos team, I'm pleased to announce the release of Spring Security Kerberos 1.0.0.RC2. This release brings a number of changes. The highlights can be found below:

• Added support LdapContextSource. Special thanks to Nelson Rodrigues for this contribution!
• Repackaging for better management of dependencies
  • Specific implementations are moved to their own packages to signal additional optional dependencies
  • spring-security-kerberos-web now contains all of the web related dependencies (i.e. servlet dependencies)
• Bug fixes

We’d love to hear back what people think by participating in a project or simply creating issues or feature requests at GitHub…

I'm pleased to announce the release of Spring Security 4.0.0.RELEASE which closes over 175+ tickets. You can find the highlights below:

WebSocket Support

Spring Security 4 added WebSocket Support. It is now possible to use Spring Security with Spring's WebSocket support.

Spring Data Integration

Spring Security 4 added Spring Data Integration. It is now possible to refer to Spring Security's user within Spring Data queries using SpEL.

Test Support

Spring Security 4 has added Test Support. It is now much easier to write tests with Spring Security applications.

More Secure by Default

As exploits…

I'm pleased to announce the release of Spring Security 3.2.7.RELEASE. This release brings a number of bug fixes including a fix for a regression in the Active Directory support.

Project Site | Reference | Guides | Issues

I'm pleased to announce the release of Spring Security 3.2.6.RELEASE. This release contains some important fixes (many addressing Java Configuration and Spring Boot issues). You can find a complete list of changes in the changelog.

Project Site | Reference | Guides | Issues

We are please to announce the release of Spring Security 4.0.0.RC2.

We were very keen on doing a GA release, but due to community feedback we decided that another RC was necessary. Ultimately, this release resolved nearly 50 tickets.

A summary of changes can be seen below:

• Support for enforcing Same Origin for WebSocket connections
• Refinements in WebSocket Configuration (SEC-2827 SEC-2833 SEC-2853 )
• More intuitive HTTP Response Headers Configuration (SEC-2846)

Assuming everything goes smoothly, the plan is to do a GA release in approximately two weeks. In the meantime, make sure to try…

I'm pleased to announce the release of Spring Session 1.0.0.RELEASE. You can find the release in Maven Central.

Features

Spring Session provides the following features:

• API and implementations (i.e. Redis) for managing a user's session
• HttpSession - allows replacing the HttpSession in an application container (i.e. Tomcat) neutral way. Additional features include:
  • Clustered Sessions - Spring Session makes it trivial to support clustered sessions without being tied to an application container specific solution.
  • Multiple Browser Sessions - Spring Session supports managing multiple users' sessions in a single browser instance (i.e. multiple authenticated accounts similar to Google).
  • RESTful APIs - Spring Session allows providing session ids in headers to work with RESTful APIs
  …